diff options
author | Jon Marius Venstad <venstad@gmail.com> | 2019-10-02 17:44:33 +0200 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2019-10-02 17:44:33 +0200 |
commit | 5927e7f3dca0781bf0dc2dde4737dac85d85788b (patch) | |
tree | 1e834f514326a878bf33edecde26dbd6fb7c336b /controller-api | |
parent | 87dabd85693ee4d607c67c1d1433a80f9bfb256f (diff) |
Add new roles
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java | 20 | ||||
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java | 21 |
2 files changed, 41 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java index f36107db228..606db8a0f2f 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java @@ -58,6 +58,26 @@ public abstract class Role { return new TenantRole(RoleDefinition.tenantOperator, tenant); } + /** Returns a {@link RoleDefinition#reader} for the current system and given tenant. */ + public static TenantRole reader(TenantName tenant) { + return new TenantRole(RoleDefinition.reader, tenant); + } + + /** Returns a {@link RoleDefinition#developer} for the current system and given tenant. */ + public static TenantRole developer(TenantName tenant) { + return new TenantRole(RoleDefinition.developer, tenant); + } + + /** Returns a {@link RoleDefinition#administrator} for the current system and given tenant. */ + public static TenantRole administrator(TenantName tenant) { + return new TenantRole(RoleDefinition.administrator, tenant); + } + + /** Returns a {@link RoleDefinition#headless} for the current system, given tenant, and application */ + public static ApplicationRole headless(TenantName tenant, ApplicationName application) { + return new ApplicationRole(RoleDefinition.headless, tenant, application); + } + /** Returns a {@link RoleDefinition#applicationAdmin} for the current system and given tenant and application. */ public static ApplicationRole applicationAdmin(TenantName tenant, ApplicationName application) { return new ApplicationRole(RoleDefinition.applicationAdmin, tenant, application); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 7bbd89404c7..d9542b28428 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -70,6 +70,27 @@ public enum RoleDefinition { tenantOwner(tenantAdmin, Policy.tenantDelete), + /** Reader — the base role for all tenant users */ + reader(Policy.tenantRead, + Policy.applicationRead, + Policy.deploymentRead, + Policy.publicRead), + + /** User — the dev.ops. role for normal Vespa tenant users */ + developer(Policy.applicationCreate, + Policy.applicationUpdate, + Policy.applicationDelete, + Policy.applicationOperations, + Policy.developmentDeployment), + + /** Admin — the administrative function for user management etc. */ + administrator(Policy.tenantUpdate, + Policy.tenantManager, + Policy.applicationManager), + + /** Headless — the application specific role identified by deployment keys for production */ + headless(Policy.submission), + /** Build and continuous delivery service. */ // TODO replace with buildService, when everyone is on new pipeline. tenantPipeline(everyone, Policy.submission, |